Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation


Bruce Dang - 2014
    Reverse engineering is not about reading assembly code, but actually understanding how different pieces/components in a system work. To reverse engineer a system is to understand how it is constructed and how it works. The book provides: Coverage of x86, x64, and ARM. In the past x86 was the most common architecture on the PC; however, times have changed and x64 is becoming the dominant architecture. It brings new complexity and constructs previously not present in x86. ARM ("Advanced RISC Machine") is very common in embedded / consumer electronic devices; for example, most if not all cell phones run on ARM. All of Apple's i-devices run on ARM. This book will be the first book to cover all three. Discussion of Windows kernel-mode code (rootkits/drivers). This topic has a steep learning curve so most practitioners stay away from this area because it is highly complex. However, this book will provide a concise treatment of this topic and explain how to analyze drivers step-by-step. The book uses real world examples from the public domain. The best way to learn is through a combination of concept discussions, examples, and exercises. This book uses real-world trojans / rootkits as examples congruent with real-life scenarios. Hands-on exercises. End-of-chapter exercises in the form of conceptual questions and hands-on analysis so readers can solidify their understanding of the concepts and build confidence. The exercises are also meant to teach readers about topics not covered in the book.

The Little Go Book


Karl Seguin - 2014
    It's aimed at developers who might not be quite comfortable with the idea of pointers and static typing. http://openmymind.net/The-Little-Go-B...

Planet Google: One Company's Audacious Plan to Organize Everything We Know


Randall E. Stross - 2008
    His revelations demystify the strategy behind the company's recent flurry of bold moves, all driven by the pursuit of a business plan unlike any other: to become the indispensable gatekeeper of all the world's information, the one-stop destination for all our information needs. Will Google succeed? And what are the implications of a single company commanding so much information and knowing so much about us? As ambitious as Google's goal is, with 68 percent of all Web searches (and growing), profits that are the envy of the business world, and a surplus of talent, the company is, Stross shows, well along the way to fulfilling its ambition, becoming as dominant a force on the Web as Microsoft became on the PC. Google isn't just a superior search service anymore. In recent years it has launched a dizzying array of new services and advanced into whole new businesses, from the introductions of its controversial Book Search and the irresistible Google Earth, to bidding for a slice of the wireless-phone spectrum and nonchalantly purchasing YouTube for $1.65 billion. Google has also taken direct aim at Microsoft's core business, offering free e-mail and software from word processing to spreadsheets and calendars, pushing a transformative -- and highly disruptive -- concept known as "cloud computing." According to this plan, users will increasingly store all of their data on Google's massive servers -- a network of a million computers that amounts to the world's largest supercomputer, with unlimited capacity to house all the information Google seeks. The more offerings Google adds, and the more ubiquitous a presence it becomes, the more dependent its users become on its services and the more information they contribute to its uni

Thwarting Enemies at Home and Abroad: How to Be a Counterintelligence Officer


William R. Johnson - 1987
    CI is often misunderstood and narrowly equated with security and catching spies, which are only part of the picture. As William R. Johnson explains, CI is the art of actively protecting secrets but also aggressively thwarting, penetrating, and deceiving hostile intelligence organizations to neutralize or even manipulate their operations. Johnson, a career CIA intelligence officer, lucidly presents the nuts and bolts of the business of counterintelligence and the characteristics that make a good CI officer. Although written during the late Cold War, this book continues to be useful for intelligence professionals, scholars, and students because the basic principles of CI are largely timeless. General readers will enjoy the lively narrative and detailed descriptions of tradecraft that reveal the real world of intelligence and espionage. A new foreword by former CIA officer and noted author William Hood provides a contemporary perspective on this valuable book and its author.

@War: The Rise of the Military-Internet Complex


Shane Harris - 2014
    In fact, as @WAR shows, U.S. hackers were crucial to our victory in Iraq. Shane Harris delves into the frontlines of America’s new cyber war. As recent revelations have shown, government agencies are joining with tech giants like Google and Facebook to collect vast amounts of information. The military has also formed a new alliance with tech and finance companies to patrol cyberspace, and Harris offers a deeper glimpse into this partnership than we have ever seen before. Finally, Harris explains what the new cybersecurity regime means for all of us, who spend our daily lives bound to the Internet — and are vulnerable to its dangers.

Advanced Penetration Testing: Hacking the World's Most Secure Networks


Wil Allsopp - 2017
    Featuring techniques not taught in any certification prep or covered by common defensive scanners, this book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data--even from organizations without a direct Internet connection--this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures. Typical penetration testing consists of low-level hackers attacking a system with a list of known vulnerabilities, and defenders preventing those hacks using an equally well-known list of defensive scans. The professional hackers and nation states on the forefront of today's threats operate at a much more complex level--and this book shows you how to defend your high security network. Use targeted social engineering pretexts to create the initial compromise. Leave a command and control structure in place for long-term access. Escalate privilege and breach networks, operating systems, and trust structures. Infiltrate further using harvested credentials while expanding control. Today's threats are organized, professionally-run, and very much for-profit. Financial institutions, health care organizations, law enforcement, government agencies, and other high-value targets need to harden their IT infrastructure and human capital against targeted advanced attacks from motivated professionals. Advanced Penetration Testing goes beyond Kali Linux and Metasploit to provide you with advanced pen testing for high security networks.

Exploding Data: Reclaiming Our Cybersecurity in the Digital Age


Michael Chertoff - 2018
    And yet, as daily events underscore, we are ever more vulnerable to cyber-attack. In this bracing book, Michael Chertoff makes clear that our laws and policies surrounding the protection of personal information, written for an earlier time, need to be completely overhauled in the Internet era. On the one hand, the collection of data--more widespread by business than by government, and impossible to stop--should be facilitated as an ultimate protection for society. On the other, standards under which information can be inspected, analyzed, or used must be significantly tightened. In offering his compelling call for action, Chertoff argues that what is at stake is not so much the simple loss of privacy, which is almost impossible to protect, but of individual autonomy--the ability to make personal choices free of manipulation or coercion. Offering colorful stories over many decades that illuminate the three periods of data gathering we have experienced, Chertoff explains the complex legalities surrounding issues of data collection and dissemination today, and charts a path that balances the needs of government, business, and individuals alike.

Embedded Android: Porting, Extending, and Customizing


Karim Yaghmour - 2011
    You'll also receive updates when significant changes are made, as well as the final ebook version. Embedded Android is for developers wanting to create embedded systems based on Android and for those wanting to port Android to new hardware or create a custom development environment. Hackers and modders will also find this an indispensable guide to how Android works.

Zero Trust Networks: Building Secure Systems in Untrusted Networks


Evan Gilman - 2017
    Hosts behind the firewall have no defenses of their own, so when a host in the trusted zone is breached, access to your data center is not far behind. This practical book introduces you to the zero trust model, a method that treats all hosts as if they're internet-facing, and considers the entire network to be compromised and hostile. Authors Evan Gilman and Doug Barth show you how zero trust lets you focus on building strong authentication, authorization, and encryption throughout, while providing compartmentalized access and better operational agility. You'll learn the architecture of a zero trust network, including how to build one using currently available technology. Understand how the zero trust model embeds security within the system's operation, rather than layering it on top. Examine the fundamental concepts at play in a zero trust network, including network agents and trust engines. Use existing technology to establish trust among the actors in a network. Learn how to migrate from a perimeter-based network to a zero trust network in production. Explore case studies of zero trust on the client side (Google) and on the server (PagerDuty).

Threat Modeling: Designing for Security


Adam Shostack - 2014
    Dobbs Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography! Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise in this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies. Systems security managers, you'll find tools and a framework for structured thinking about what can go wrong. Software developers, you'll appreciate the jargon-free and accessible introduction to this essential skill. Security professionals, you'll learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling. Provides a unique how-to for security and software developers who need to design secure products and systems and test their designs. Explains how to threat model and explores various threat modeling approaches, such as asset-centric, attacker-centric and software-centric. Provides effective approaches and techniques that have been proven at Microsoft and elsewhere. Offers actionable how-to advice not tied to any specific software, operating system, or programming language. Authored by a Microsoft professional who is one of the most prominent threat modeling experts in the world. As more software is delivered on the Internet or operates on Internet-connected devices, the design of secure software is absolutely critical. Make sure you're ready with Threat Modeling: Designing for Security.

Computer Organization and Architecture: Designing for Performance


William Stallings - 1987
    For courses in computer organization and architecture, this text provides a clear, comprehensive presentation of the organization and architecture of contemporary computers.

The C# Player's Guide


R.B. Whitaker - 2012
    

Practical UNIX & Internet Security


Simson Garfinkel - 1991
    Crammed with information about host security, it saved many a UNIX system administrator and user from disaster. This second edition is a complete rewrite of the original book. It's packed with twice the pages and offers even more practical information for UNIX users and administrators. It covers features of many types of UNIX systems, including SunOS, Solaris, BSDI, AIX, HP-UX, Digital UNIX, Linux, and others. The first edition was practical, entertaining, and full of useful scripts, tips, and warnings. This edition is all those things -- and more. If you are a UNIX system administrator or user in this security-conscious age, you need this book. It's a practical guide that spells out, in readable and entertaining language, the threats, the system vulnerabilities, and the countermeasures you can adopt to protect your UNIX system, network, and Internet connection. It's complete -- covering both host and network security -- and doesn't require that you be a programmer or a UNIX guru to use it. Practical UNIX & Internet Security describes the issues, approaches, and methods for implementing security measures. It covers UNIX basics, the details of security, the ways that intruders can get into your system, and the ways you can detect them, clean up after them, and even prosecute them if they do get in. Filled with practical scripts, tricks, and warnings, Practical UNIX & Internet Security tells you everything you need to know to make your UNIX system as secure as it possibly can be. Contents include: Part I: Computer Security Basics. Introduction and security policies. Part II: User Responsibilities. Users and their passwords, groups, the superuser, the UNIX filesystem, and cryptography. Part III: System Administrator Responsibilities. Backups, defending accounts, integrity checking, log files, programmed threats, physical security, and personnel security. Part IV: Network and Internet Security: telephone security, UUCP, TCP/IP networks, TCP/IP services, WWW, RPC, NIS, NIS+, Kerberos, and NFS. Part V: Advanced Topics: firewalls, wrappers, proxies, and secure programming. Part VI: Handling Security Incidents: discovering a break-in, U.S. law, and trust. Part VII: Appendixes. UNIX system security checklist, important files, UNIX processes, paper and electronic sources, security organizations, and table of IP services.

HTML Black Book: The Programmer's Complete HTML Reference Book


Steven Holzner - 2000
    An immediate and comprehensive answer source, rather than a diffuse tutorial, for serious programmers who want to see difficult material covered in depth without the fluff. Discusses XML, dynamic HTML, JavaScript, Java, and Perl CGI programming to create a full Web site programming package. Written by the author of several successful titles published by The Coriolis Group.

Inside Cyber Warfare: Mapping the Cyber Underworld


Jeffrey Carr - 2009
    You'll learn how sophisticated hackers working on behalf of states or organized crime patiently play a high-stakes game that could target anyone, regardless of affiliation or nationality. Inside Cyber Warfare goes beyond the headlines of attention-grabbing DDoS attacks and takes a deep look inside multiple cyber-conflicts that occurred from 2002 through summer 2009. Learn how cyber attacks are waged in open conflicts, including recent hostilities between Russia and Georgia, and Israel and Palestine. Discover why Twitter, Facebook, LiveJournal, Vkontakte, and other sites on the social web are mined by the intelligence services of many nations. Read about China's commitment to penetrate the networks of its technologically superior adversaries as a matter of national survival. Find out why many attacks originate from servers in the United States, and who's responsible. Learn how hackers are "weaponizing" malware to attack vulnerabilities at the application level.